[Secure-testing-commits] r45750 - data/CVE
Antoine Beaupré
anarcat at moszumanska.debian.org
Sat Oct 29 17:24:10 UTC 2016
Author: anarcat
Date: 2016-10-29 17:24:10 +0000 (Sat, 29 Oct 2016)
New Revision: 45750
Modified:
data/CVE/list
Log:
Summary: better link for poc as well
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-10-29 17:21:46 UTC (rev 45749)
+++ data/CVE/list 2016-10-29 17:24:10 UTC (rev 45750)
@@ -8217,7 +8217,7 @@
RESERVED
- tar <unfixed> (bug #842339)
NOTE: https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt
- NOTE: POC in https://bugzilla.novell.com/show_bug.cgi?id=1007188#c1 (etc/shadow should not be extracted when asking for etc/motd)
+ NOTE: POC in https://sintonen.fi/advisories/tar-poc.tar (etc/shadow should not be extracted when asking for etc/motd)
NOTE: Proposed patch: https://sintonen.fi/advisories/tar-extract-pathname-bypass.patch
CVE-2016-6320 (Cross-site scripting (XSS) vulnerability in ...)
- foreman <itp> (bug #663101)
More information about the Secure-testing-commits
mailing list